This manual describes how to configure and manage Catalyst 2000 switches using a standard SNMP-based network-management application. This manual also describes the standard MIB objects and MIB object extensions supported by Catalyst 2000 switches and includes information on precompiled schemas for SunNet Manager and profiles for Novell NetWare Management System (NMS).
Using the Simple Network Management Protocol (SNMP), Catalyst 2000 switches communicate with the third-party network-management application through their in-band management interface (the SNMP agent). The management information used to monitor and configure a Catalyst 2000 switch and its ports is represented as objects in a database called a Management Information Base (MIB). Catalyst 2000 switches support standard MIB II objects as well as custom extensions designed to maximize control of Catalyst 2000 switching and hub capabilities.
Before you can access these functions, however, you must configure the SNMP application to understand and be able to access the objects contained in the Catalyst 2000 MIB. For SunNet Manager, use the supplied schemas, which specify the Catalyst 2000 MIB with the syntax specific to the SUN platform. For Novell NMS, use the supplied profiles. Instructions for both are given in this manual. For other SNMP management systems, refer to the vendor's documentation for compiling third-party MIBs for use by a MIB browser function.
Catalyst 2000 switches use a subset of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite as the underlying mechanism to transport SNMP. The following protocols are implemented in Catalyst 2000 switches:
A Catalyst 2000 switch must be configured with an IP address before it can make available any in-band management. Addresses can be assigned individually in the administrative domain, or you can use BOOTP to maintain a database of such addresses.
To run this procedure you need a host machine with a BOOTP server program. This host must also have a database listing the physical MAC addresses and corresponding IP addresses. Other information, such as the corresponding subnet masks, default gateway addresses and host names, is optional but is used by BOOTP. Connect the Catalyst 2000 to this host through one of its ports.
When the Catalyst 2000 is reset, it looks in its Non-Volatile Random Access Memory (NVRAM) for a configured IP address and, if they exist, a default gateway address and IP subnet mask. If an IP address has not been configured, the Catalyst 2000 transmits a BOOTP broadcast request on all of its ports that have a physical connection, requesting a mapping for its physical MAC address. A valid response includes the IP address, which is mandatory, and the subnet mask, default gateway, and host name, all of which are optional.
When the Catalyst 2000 receives a valid BOOTP response, it activates the rest of its protocol suite without having to be reset. It also saves the information in the NVRAM so that BOOTP is not needed when the system is next reset.
If the Catalyst 2000 does not receive a response from the host, it continues to send BOOTP requests indefinitely. Your BOOTP server documentation can provide more information about BOOTP.
As an alternative to the BOOTP protocol, you can configure the IP address by using a combination of the out-of-band management console and MIB object extensions.
The first step is to configure the IP address with the IP Configuration Menu. You can then continue to use this menu to configure the corresponding subnet masks and default gateway addresses, or use the in-band MIB objects described below.
MIB objects are followed by the type of value required in parentheses. Then there is a brief description, possible values, and the default, if any.
This is the Catalyst 2000 administrative IP address. The Catalyst 2000 may automatically discover a value for this object using the BootStrap protocol (BOOTP). The object value is also duplicated in the MIB-II ipAddrTable.
When VLANs are present, the Catalyst 2000 may be configured with up to four administrative IP addresses, one per VLAN. This object configures the IP address for the first VLAN. See the object vlanTable for how to configure the other IP addresses.
Assigning multiple VLAN IP addresses is only necessary if the VLANs in use represent separate physical IP subnets. This allows a management station residing on a VLAN to directly manage Catalyst 2000 switches without the need for an intervening router or gateway.
Default Value: | 0.0.0.0, or no address |
The Catalyst 2000 administrative IP subnet mask. The Catalyst 2000 may automatically discover a value for this read-write MIB object using the BootStrap protocol (BOOTP). The object value is also duplicated in the MIB-II ipAddrTable.
When VLANs are present, the Catalyst 2000 may be configured with up to four administrative IP subnet masks, one per VLAN. This object configures the subnet mask for the first VLAN. See the object vlanTable for how to configure the other subnet masks. Assigning multiple VLAN subnet masks is only necessary if the VLANs in use represent separate physical IP subnets.
A write to this value will take effect immediately.
Default Value: | 0.0.0.0, or no subnet mask |
The default gateway IP address is the address of the next-hop router the Catalyst 2000 uses to reach a non-local IP host when the Catalyst 2000 does not know the return route. During a normal management protocol exchange with an IP client host, the Catalyst 2000 simply sends its response onto the same route from which the request was received. The default gateway route is only used when the Catalyst 2000 itself initiates an exchange, such as a TFTP upgrade with the client.
The default gateway IP address is global to all VLANs, which is unlike the unique per-VLAN management IP address and subnet mask.
A write to this read-write object will take effect immediately, replacing the previous address, if any.
Default Value: | 0.0.0.0, or no address |
The Catalyst 2000 supports trivial authentication with community strings. You can change these strings with the management console as described in the respective Catalyst 2000 administrator's guides. There are two distinct community strings:
When configured to do so, the Catalyst 2000 can generate authenticationFailure traps when it receives a request with an invalid community string.
This MIB object displays a table (four entries) containing a list of IP addresses of workstations permitted to issue SET requests. Such a workstation is called a Set client. If this table is empty then any SET request with a matching SET community string is allowed. If at least one Set client is specified, then an incoming SET request must have its source IP address matched against an entry in this table before the SET is allowed.
A Set client entry whose IP address is 0.0.0.0 is considered invalid and will be ignored. This table is considered empty when all Set client addresses are zeroes (0.0.0.0).
This MIB object displays an IP address of a management station allowed to issue SET requests to this management agent.
This read-only MIB object provides identification of a SET client entry.
Valid Values: | 1 to 4 |
The SET client is assumed to be Internet UDP/IP based. This read-write MIB object is the client's IP address.
Setting this read-write MIB object to the value invalid has the effect of invalidating the corresponding entry. That is, it effectively disassociates the IP address identified with said entry from the table. It is an implementation specific matter as to whether the agent removes an invalidated entry from the table. Accordingly, management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use.
Valid Values: | other | (1) |
| invalid | (2) |
| permanent | (3) |
Traps use their own community strings and receiver messages. To configure a trap client, use the following MIB objects:
This table contains a list of Network Management Stations that are to receive traps generated by this Network Management Agent. Such an NMS is called a trap client. A trap client entry whose IP address is 0.0.0.0 is considered invalid and will be ignored.
This MIB object displays a destination address and community string to a particular trap client.
This read-only MIB object provides identification of a trap client entry.
Valid Values: | 1 to 4 |
The trap client is assumed to be Internet UDP/IP based. This read-write MIB object is the client's IP address.
This read-write MIB object displays the community string of up to 32 characters used for traps sent to this trap client.
When this read-write MIB object is set to the value invalid, it has the effect of invalidating the corresponding entry. That is, it effectively disassociates the IP address/community string identified with said entry from the table. It is an implementation specific matter as to whether the agent removes an invalidated entry from the table. Accordingly, management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use.
Valid Values: | other | (1) |
| invalid | (2) |
| permanent | (3) |
The Catalyst 2000 can generate five standard traps and two enterprise-specific traps. You can use MIB objects to suppress the generation of the authenticationFailure traps and the linkUp and linkDown traps.
This trap is generated on power-on reset, or on completion of a firmware upgrade, where the new firmware is immediately selected for execution.
You set this trap by setting the sysConfigReset MIB object, the sysConfigDefaultReset object, or by executing the reset command from one of the out-of-band Management Console menus.
This trap is produced whenever a port changes to a suspended or disabled state due to a secure address violation (mismatch or duplication), network connection error (loss of Link Beat, jabber error), or an explicit management disable action. The trap frame carries the index value of the port. The following MIB is used to enable or disable the generation of this trap.
This read-write MIB object indicates whether the Catalyst 2000 is permitted to generate linkUp/linkDown traps. The value of this object overrides any configuration information; as such, it provides a means whereby all linkUp/linkDown traps may be disabled.
Valid Values: | enabled | (1) |
| disabled | (2) |
Default Value: | enabled | (1) |
This trap reports a port transition from a suspended or disabled state to the enabled state. The trap frame contains the index value of the affected port. The netMgmtEnableLinkTraps MIB, described under the section "The linkDown Trap," can be used to enable or disable this trap.
This trap is generated whenever the Catalyst 2000 receives an SNMP message that is not properly authenticated, that is, not accompanied by a valid community string. Use the following MIB to set this trap.
This read-write MIB object indicates whether the Catalyst 2000 is permitted to generate authenticationFailure traps. The value of this object overrides any configuration information; as such, it provides a means whereby all authenticationFailure traps may be disabled.
This object manipulates the same value for the snmpEnableAuthenTraps object instance. The object is specified in this group for convenience.
Valid Values: | enabled | (1) |
| disabled | (2) |
Default Value: | enabled | (1) |
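The Set client and trap client rules above can be checked against a configuration snapshot. The following is an added example, not part of the Cisco manual: the snapshot layout, the function names, the community string, and the sample addresses are assumptions constructed for illustration, while the object names and status values (other 1, invalid 2, permanent 3) are taken from the text.

```python
# Added example: models the Set client / trap client rules described in this
# manual. The snapshot layout and helper names are assumptions of this example.
import ipaddress

INVALID = 2      # netMgmtSetClientStatus / netMgmtTrapClientStatus "invalid"
DISABLED = 2     # netMgmtEnableAuthenTraps "disabled"
UNSET = ipaddress.IPv4Address("0.0.0.0")


def active_addrs(rows):
    """Return the addresses of table rows the agent actually honours.

    rows is an iterable of (address, status). A row whose address is 0.0.0.0
    is ignored, and a row marked invalid may still be returned by the agent
    even though it is not in use, so both kinds are dropped here.
    """
    out = []
    for addr, status in rows:
        ip = ipaddress.IPv4Address(addr)
        if ip != UNSET and status != INVALID:
            out.append(ip)
    return out


def set_allowed(src_ip, community, set_community, set_clients):
    """Decide whether a SET request passes the checks the manual describes."""
    if community != set_community:
        return False     # invalid community (authenticationFailure if enabled)
    clients = active_addrs(set_clients)
    if not clients:
        return True      # empty table: the community string alone decides
    return ipaddress.IPv4Address(src_ip) in clients


def audit(snapshot):
    """Return findings for settings that weaken SET control or alerting."""
    findings = []
    if not active_addrs(snapshot["set_clients"]):
        findings.append("Set client table is effectively empty: any host "
                        "with the SET community string may write")
    if not active_addrs((a, s) for a, _comm, s in snapshot["trap_clients"]):
        findings.append("no valid trap client: no station receives traps")
    if snapshot["netMgmtEnableAuthenTraps"] == DISABLED:
        findings.append("authenticationFailure traps are disabled")
    return findings


# Constructed sample: the only non-zero Set client row is marked invalid,
# so the table still counts as empty.
SAMPLE = {
    "set_clients": [("192.0.2.10", 2), ("0.0.0.0", 1),
                    ("0.0.0.0", 1), ("0.0.0.0", 1)],
    "trap_clients": [("192.0.2.20", "example-trap", 3), ("0.0.0.0", "", 1)],
    "netMgmtEnableAuthenTraps": 2,
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With the sample snapshot the audit reports the empty Set client table and the disabled authenticationFailure traps; marking the 192.0.2.10 row permanent (3) makes `set_allowed` reject any other source address.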
This enterprise-specific trap is generated when the out-of-band Management Console experiences successive logon failures due to invalid passwords. You can define the number of unsuccessful attempts with the netMgmtConsolePasswordThresh MIB object. Depending on the configuration of the netMgmtConsoleSilentTime MIB, the Catalyst 2000 can shut down the Management Console after the generation of this trap. The trap frame contains the name of the sending Catalyst 2000 (the value of the sysName MIB object, or a null name).
A user is repeatedly trying to log on using an invalid password. The number of attempts exceeds the preset limit given in netMgmtConsolePasswordThresh. Depending on how the object netMgmtConsoleSilentTime is configured, the Catalyst 2000 may shut down the Management Console following the generation of this trap.
The Catalyst 2000 issues this enterprise-specific trap when its Power-On Self-Test (POST) does not pass all tests. Some POST failures are fatal and may prevent the generation of this trap. The trap frame contains the name of the sending Catalyst 2000 (the value of the sysName MIB object) or a null name. A trap client can query the failing Catalyst 2000 for the actual failure codes as stored in the sysInfoPOSTResult and sysInfoPOSTPortVector MIB objects.
The Catalyst 2000 issues this trap when its Power-On Self-Test (POST) code does not pass all tests. Some failures are catastrophic and may prevent the generation of this trap, as well as the system's operations.
The addressViolation trap is issued when an address violation is detected on a secured port. The generation of the addressViolation trap can be enabled or suppressed using the object sysConfigAddressViolationAlert.
The following traps are for the Spanning-Tree Protocol.
The newRoot trap indicates that the sending agent has become the new root of the spanning tree; the trap is sent by a bridge soon after its election as the new root, upon expiration of the Topology Change Timer immediately subsequent to its election. Implementation of this trap is optional.
A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a newRoot trap is sent for the same transition. Implementation of this trap is optional.
The Catalyst 2000 supports all groups in MIB II except the Transmission Control Protocol (TCP) and the Exterior Gateway Protocol.
The following pages list the actions you use to manage and configure a Catalyst 2000, and the MIB objects associated with each action.
The following are the five supported MIBs:
Action | Associated MIB Objects |
---|---|
View Self Test Results | sysInfoPOSTResult sysInfoPOSTPortFailedPostMap |
View System Information | sysInfoFwdEngineRevision sysInfoBoardRevision sysInfoTotalNumberOfPorts sysInfoNumberOfInstalledModules sysInfoNumberOfSharedPorts sysInfoAddrCapacity sysInfoRestrictedStaticAddrCapacity |
View/Configure RS-232 Port for an Attached Modem | netMgmtModemInitString netMgmtModemAutoAnswer netMgmtModemDialString netMgmtModemDialDelay |
View/Configure Logon Security | netMgmtConsolePasswordThresh netMgmtConsoleSilentTime netMgmtConsoleInactTime |
View/Configure Switching Mode | sysConfigSwitchingMode sysConfigMulticastStoreAndForward |
View/Configure Port Monitoring Mode | sysConfigMonitor sysConfigMonitorPort sysConfigHigherProtocolMonitor swPortMonitoring |
View/Configure Virtual LAN Information | vlanMaxSupported vlanAllowMembershipOverlap |
View/Configure Virtual LAN Membership | vlanIndex vlanName vlanMemberPorts vlanMemberIndex vlanMemberPortIndex vlanMemberPortOfVlan |
View/Configure Address Security | swPortAddressingSecurity swPortAddressTableSize swPortSecuredAddressViolations sysConfigAddressViolationAlert sysConfigAddressViolationAction |
View/Configure Performance Information | sysInfoBuffersUsed sysInfoMaxBuffers sysInfoUtilDisplay swPortTxQueueFullDiscards swPortRxNoBufferDiscards bandwidthUsageCurrent bandwidthUsageMaxPeakEntries bandwidthUsagePeakInterval bandwidthUsagePeakRestart bandwidthUsageCurrentPeakEntry bandwidthUsagePeakIndex bandwidthUsageStartTime bandwidthUsagePeak bandwidthUsagePeakTime |
View/Configure Port Characteristics | swPortIndex swPortName swPortMediaCapability swPortControllerRevision swPortMtu swPortSpeed swPortConnectorType sysConfigPort25Connector swPortFullDuplex |
swPortNumberOfLearnedAddresses swPortNumberOfStaticAddresses swPortEraseAddresses swPortFloodUnregisteredMulticasts swPortFloodUnknownUnicasts | |
View Port Receive Statistics | swPortRxStatIndex swPortRxTotalOctets swPortRxTotalOctetsWraps swPortRxTotalFrames swPortRxUnicastFrames swPortRxUnicastOctets swPortRxUnicastOctetsWraps swPortRxBroadcastFrames swPortRxBroadcastOctets swPortRxBroadcastOctetsWraps swPortRxMulticastFrames swPortRxMulticastOctets swPortRxMulticastOctetsWraps swPortRxForwardedFrames swPortRxFilteredFrames swPortRxNoBufferDiscards swPortRxFCSErrors swPortRxAlignmentErrors swPortRxFrameTooLongs swPortRxRunts |
View/Configure Port Status | swPortStatus swPortAdminStatus swPortLastStatus swPortStatusChanges swPortLinkbeatStatus swPortLinkbeatLosses swPortJabberStatus swPortJabbers |
View Port Transmit Statistics | swPortTxStatIndex swPortTxTotalOctets swPortTxTotalOctetsWraps swPortTxTotalFrames swPortTxUnicastFrames swPortTxUnicastOctets swPortTxUnicastOctetsWraps swPortTxBroadcastFrames swPortTxBroadcastOctets swPortTxBroadcastOctetsWraps swPortTxMulticastFrames swPortTxMulticastOctets swPortTxMulticastOctetsWraps swPortTxDeferrals swPortTxSingleCollisions swPortTxMultipleCollisions swPortTxLateCollisions swPortTxExcessiveCollisions swPortTxExcessiveDeferrals swPortTxExcessiveCollisions16s swPortTxExcessiveCollisions4s swPortTxQueueFullDiscards swPortTxErrors |
View/Configure Collision Histograms | swPortTxCollIndex swPortTxCollCount swPortTxCollFrequencies |
View/Configure Spanning-Tree Protocol | sysConfigEnableSTP |
View/Configure for In-Band Management | netMgmtIpAddress netMgmtDefaultGateway netMgmtIpSubnetMask vlanIpAddress vlanIpSubnetMask |
View/Configure Set Clients | netMgmtSetClientIndex netMgmtSetClientAddr netMgmtSetClientStatus |
View/Configure Trap Clients | netMgmtTrapClientIndex netMgmtTrapClientAddr netMgmtTrapClientComm netMgmtTrapClientStatus netMgmtEnableLinkTraps netMgmtEnableAuthenTraps logonIntruder topologyChange switchDiagnostic newRoot |
View/Configure Firmware Upgrades | upgradeFirmwareSource upgradeEPROMRevision upgradeFlashSize upgradeFlashBankStatus upgradeTFTPServerAddress upgradeTFTPLoadFilename upgradeTFTPInitiate upgradeAutoExecute upgradeTFTPAccept |
Reset System | sysConfigReset sysConfigDefaultReset |
Clear Port Statistics | sysConfigClearPortStats swPortClearStatistics |
Action | Associated MIB Objects |
---|---|
View/Configure High-Speed Modules | esModuleCapacity esModuleIndex esModuleStatus esModuleAdminStatus esModuleDescr esModuleID esModuleVersion esModuleObjectID esModulePortCapacity esModuleReset esModuleLastStatusChange esModuleCollisionPeriods esModulePortTable esModulePortIndex esModulePortDescr esModulePortAdminStatus esModulePortAutoPartitionState esModulePortOperStatus esModulePortLinkbeatStatus esModulePortConnectorType esModulePortReceivePeriods |
FDDI Portion of Module MIB | |
View FDDI POST Results | fmCfgPOSTResult fmCfgPOSTTest fmCfgPOSTLoopbackResult |
Reset FDDI Module | fmCfgResetToFactoryDefaults fmCfgResetModule |
View/Configure FDDI to Ethernet Frame Translation | fmCfgNovellFDDISNAPTranslation fmCfgUnmatchedSNAPDestination |
View/Configure SMT Authorization | fmCfgAuthorizationChecking fmCfgAuthorizationString |
View/Configure FDDI Module Firmware Status | fmCfgFirmwareVersion fmCfgBOOTCodeVersion fmCfgFlashStatus |
View FDDI Translation to Ethernet Statistics | fmXlateToEthIndex fmXlateToEthNovellSnapToRaw8023Frames fmXlateToEthNovellSnapToEthIIFrames fmXlateToEthNovellSnapToSnapFrames fmXlateToEthAppleTalkSnapToSnapFrames fmXlateToEthIpSnapForFragmentationFrames fmXlateToEthIpSnapFragmentedFrames fmXlateToEthBridgeTunnelToEthIIFrames fmXlateToEthOtherSnapToEthIIFrames fmXlateToEthOtherSnapToSnapFrames fmXlateToEth8022To8022Frames |
View FDDI Translation to FDDI | fmXlateToFDDIIndex fmXlateToFDDINovellRaw8023ToSnapFrames fmXlateToFDDINovellEthIIToSnapFrames fmXlateToFDDINovellSnapToSnapFrames fmXlateToFDDIEthIIToBridgeTunnelFrames fmXlateToFDDIEthIIToSnapFrames fmXlateToFDDIOtherSnapToSnapFrames fmXlateToFDDI8022To8022Frames |
View FDDI Frame Filtering Statistics | fmFilterIndex fmFilterFcsInvalidFrames fmFilterDataLengthFrames fmFilterErrorIndFrames fmFilterFddiFifoOverrunFrames fmFilterFddiInternalErrorFrame fmFilterNoEndDelimitFrames fmFilterNoLlcHeaderFrames fmFilterSourceRouteFrames fmFilterNoSnapHeaderFrames fmFilterTooLargeFrames fmFilterNovellSnapFilteredFrames fmFilterCantFragmentFrames fmFilterBadIpHeaderFrames fmFilterRingDownDiscards fmFilterNovellOtherFilteredFrames |
View FDDI Performance Information | fmFilterNoBufferSpaceFrames fmCfgUnmatchedSNAPDestination |
Action | Associated MIB Objects |
---|---|
View Spanning-Tree Protocol Status | dot1dStpTimeSinceTopologyChange dot1dStpTopChanges dot1dStpDesignatedRoot dot1dStpMaxAge dot1dStpHelloTime dot1dStpHoldTime dot1dStpForwardDelay dot1dStpProtocolSpecification dot1dStpRootCost dot1dStpRootPort |
View/Configure Spanning-Tree Protocol Parameters when this Bridge is Acting as Root | dot1dBridgeHelloTime dot1dBridgeMaxAge dot1dBridgeForwardDelay |
View/Configure Spanning-Tree Protocol Parameters | dot1dStpPriority |
View/Configure Per Port Spanning-Tree Protocol Status | dot1dStpPortPriority dot1dStpPortState dot1dStpPortEnable dot1dStpPortPathCost dot1dStpPortDesignatedRoot dot1dStpPortDesignatedCost dot1dStpPortDesignatedBridge dot1dStpPortDesignatedPort dot1dStpPortForwardTransitions |
View/Configure Address Aging Parameters | dot1dTpLearnedEntryDiscards dot1dTpAgingTime |
View/Configure the Forwarding Database of the Bridge | dot1dTpFdbAddress dot1dTpFdbPort dot1dTpFdbStatus |
View/Configure the Static Address Table | dot1dStaticAddress dot1dStaticReceivePort dot1dStaticAllowedToGoTo dot1dStaticStatus |
Action | Associated MIB Objects |
---|---|
View SMT Information | fddimibSMTStationId fddimibSMTOpVersionId fddimibSMTMIBVersionId fddimibSMTMACCts fddimibSMTNonMasterCts fddimibSMTConnectionPolicy fddimibSMTBypassPresent fddimibSMTECMState fddimibSMTCFState fddimibSMTRemoteDisconnectFlag fddimibSMTStationStatus |
View/Configure SMT Information | fddimibSMTNotify |
View MAC Information | fddimibMACFrameStatusFunctions fddimibMACAvailablePaths fddimibMACUpstreamNbr fddimibMACDownstreamNbr fddimibMACOldUpstreamNbr fddimibMACOldDownstreamNbr fddimibMACDownstreamPORTType fddimibMACTReq fddimibMACTNeg fddimibMACFrameErrorThreshold |
View MAC Traffic Statistics | fddimibMACFrameCts fddimibMACCopiedCts fddimibMACTransmitCts fddimibMACErrorCts fddimibMACLostCts fddimibMACTokenCts fddimibMACTvxExpiredCts fddimibMACNotCopiedCts fddimibMACLateCts fddimibMACRingOpCts fddimibMACNotCopiedRatio fddimibMACNotCopiedFlag |
View PORT Information | fddimibPORTMyType fddimibPORTNeighborType fddimibPORTConnectionPolicies fddimibPORTCurrentPath fddimibPORTAvailablePaths fddimibPORTPMDClass fddimibPORTLCTFailCts fddimibPORTLemRejectCts fddimibPORTLemCts fddimibPORTPCMState |
Action | Associated MIB Objects |
---|---|
View RS-232 Port Input/Output Signals | rs232InSigPortIndex rs232InSigName rs232InSigState rs232InSigChanges rs232OutSigPortIndex rs232OutSigName rs232OutSigState rs232OutSigChanges |
View/Configure RS-232 Port Characteristics | rs232Number rs232PortIndex rs232PortType rs232PortInSigNumber rs232PortOutSigNumber rs232PortInSpeed rs232PortOutSpeed |
View/Configure RS-232 Async Port Characteristics | rs232AsyncPortIndex rs232AsyncPortBits rs232AsyncPortStopBits rs232AsyncPortParity rs232AsyncPortAutobaud |
View RS-232 Async Port Statistics | rs232AsyncPortParityErrs rs232AsyncPortFramingErrs rs232AsyncPortOverrunErrs |
Posted: Wed Aug 1 17:20:24 PDT 2001
All contents are Copyright © 1992--2001 Cisco Systems, Inc. All rights reserved.